[英]Is this the correct DRY way to test user roles with RSpec & Shoulda?
我有一個使用cancan的rails應用程序,我正在測試幾個不同的角色。 我正在尋找在幾個控制器上設置這些測試的最干的方法。
這是我到目前為止的縮短版本。 有一個更好的方法嗎? 它對我來說仍然有點沉重。
describe OrganizationsController do
render_views
before do
# User roles
@unauthenticated = User.new
@org_admin = Factory.create(:organization_admin)
@org_staff = Factory.create(:org_staff)
@customer = Factory.create(:customer)
@admin = Factory.create(:admin)
@organization = Factory.create(:organization)
@org_for_admin = Factory.create(:organization, :user_group_id => @org_admin.user_group_id)
@org_attr = FactoryGirl.attributes_for(:organization)
end
describe "GET 'show'" do
authorized = %w(org_admin admin org_staff customer)
not_authorized = %w(unauthenticated)
not_authorized.each do |u|
context "an organization by a user with role: #{u}" do
before do
user = instance_variable_get("@#{u}")
get :show, :id => @organization.id, :format => 'json'
end
it { should_not respond_with :success }
it { should respond_with :forbidden }
end
end
authorized.each do |u|
context "an organization by a user with role: #{u}" do
before do
user = instance_variable_get("@#{u}")
get :show, :id => @organization.id, :format => 'json', :token => user.token
end
it { should respond_with :success }
it { should render_template :show }
it { should respond_with_content_type(/json/) }
it { should assign_to(:organization).with_kind_of(Organization) }
end
end
end
describe "GET 'update'" do
authorized = [%w(admin organization), %w(org_admin org_for_admin)]
not_authorized = [%w(unauthenticated organization), %w(org_staff org_for_admin), %w(customer organization), %w(org_admin organization)]
not_authorized.each do |u, o|
context "an organization by a user with role: #{u}" do
before do
user = instance_variable_get("@#{u}")
organization = instance_variable_get("@#{o}")
put :update, :id => organization.id, :organization => @org_attr, :format => 'json'
end
it { should_not respond_with :success }
it { should respond_with :forbidden }
end
end
authorized.each do |u, o|
context "an organization by a user with role: #{u}" do
before do
user = instance_variable_get("@#{u}")
organization = instance_variable_get("@#{o}")
put :update, :id => organization.id, :organization => @org_attr, :format => 'json', :token => user.token
end
it { should respond_with :success }
it { should render_template :update }
it { should respond_with_content_type(/json/) }
it { should assign_to(:organization).with_kind_of(Organization) }
end
end
end
end
或者,我應該使用cancan匹配器並將這些類型的能力測試移動到模型規范中,並為每個控制器操作進行成功和禁止測試嗎? 對於我的測試在反模式/風格建議方面的任何其他評論也是受歡迎的。
謝謝!
維基描述了你感受到的“痛點”:
在功能/集成級別上徹底測試用戶權限可能很困難,因為通常存在許多分支可能性。
..如果你想獨立於Ability類內部測試控制器的行為,很容易將你想要的任何行為存根。
def setup
@ability = Object.new
@ability.extend(CanCan::Ability)
@controller.stubs(:current_ability).returns(@ability)
end
test "render index if have read ability on project" do
@ability.can :read, Project
get :index
assert_template :index
end
好問題。 我自己經常想知道這件事。 下一次,我將嘗試維基的建議。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.